Apple has released an emergency patch to protect older iPhones and Macs from last week’s newly discovered spyware attack, which has been traced to NSO Group, a notorious surveillance dealer.
On Monday, the company released the patches through an iOS 15.7.9 update that covers devices including the iPhone 6s, iPhone 7, and iPhone SE models, plus the iPad Air 2. In addition, Apple is pushing a patch for macOS Big Sur and Monterey meant for Mac models dating back to 2013.
The patches are designed to protect the products from the vulnerability CVE-2023-41064, which Apple warned last week is being actively exploited. The flaw can allow a hacker to send a booby-trapped image to trigger an iPhone, iPad, or Mac to run rogue computer code, like potentially downloading malware or visiting a malicious website.
A watchdog group called Citizen Lab discovered the vulnerability while checking the device of “an individual employed by a Washington, D.C.-based civil society organization with international offices.” The investigation revealed the device had been infected with spyware from NSO Group, an Israeli company that sells its surveillance programs to foreign government and law enforcement groups.
“The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” Citizen Lab added. “The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim.”
The vulnerability is so powerful that security experts everywhere are encouraging Apple users to patch their devices as soon as possible. On Monday, US cyber agency CISA issued its own warning, saying “these types of vulnerabilities are frequent attack